SUSE-SA:2005:050: kernel

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:050 (kernel).


The Linux kernel was updated to fix the following security issues:
- CVE-2005-2457: A problem in decompression of files on 'zisofs'
filesystem was fixed.

- CVE-2005-2458: A potential buffer overflow in the zlib decompression
handling in the kernel was fixed.

- CVE-2005-2459: Some return codes in zlib decoding were fixed which
could have led to an attacker crashing the kernel.

- CVE-2005-2555: Only processes with the CAP_NET_ADMIN capability is
now allowed load socket policies.

- CVE-2005-2456: Fixed a potential overflow caused by missing boundary
checks of sock->sk_policy in net/xfrm/.

- AMD64/EM64T/x86_64 only: A previous fix for a denial of service
attack with compat 32bit mode programs was too strict and could
crash the kernel. (The earlier fix had the Mitre CVE ID CVE-2005-1765.)

- S/390 only: Fixed /sys/ permissions where a user could change machine
states, including powering down or up partitions.

- CVE-2005-0916: PowerPC only: A missing patch for a hugetlb memory
context handling problem was added.

Above problems affect SUSE Linux 9.1 up to 9.3 and SUSE Linux
Enterprise Server 9.

Solution :

http://www.suse.de/security/advisories/2005_50_kernel.html

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 19929 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now